In a much-anticipated court ruling, a Minnesota federal judgesaid Tuesday that Target Corp. had a duty to protect debit andcredit card information from cyberthieves.

U.S. District Judge Paul Magnuson rejected Target's attempt todismiss claims filed by a group of financial institutions seekingdamages related to the retailer's data breach in late 2013, court documents said.

The judge ruled that the plaintiffs, which include the $282million CSE Federal Credit Union of Lake Charles, La., have aplausible case for negligence because Target played a key role inallowing cyberthieves to hack into computer systems and obtain carddata and possibly personal information of card holders, thedocuments said.

Magnuson agreed to allow three of four claims made by plaintiffsto move forward, but dismissed one count that claimed negligentmisrepresentation by omission, which was related to Target'ssecurity system, the documents said.

The existing claims allege negligence, failure to providesufficient security and violations of Minnesota's Plastic SecurityCard Act, the documents said.

“Plaintiffs have plausibly alleged that Target's actions andinactions – disabling certain security features and failing to heedthe warning signs as the hackers' attack began – caused foreseeableharm to plaintiffs,” Magnuson wrote in his decision. “Plaintiffshave also plausibly alleged that Target's conduct both caused andexacerbated the harm they suffered.”

The judge's ruling will enable the five lead plaintiffs, CSEFCUand four banks, to continue on their path of seeking class-actionstatus on behalf of lenders nationwide, the documents said.

The much-anticipated ruling was praised by attorneysrepresenting the credit union and banks.

“We are pleased by the order issued by thecourt yesterday,” said attorney Bryan Bleichner, a partner with theMinneapolis-based law firm, Chestnut Cambronne, which is part ofthe legal team representing the plaintiffs. “It was a very gooddecision for all financial institutions affected by the Target databreach and a positive step forward as we seek to recover theeconomic losses suffered by financial institutions as a result ofthe breach.”

Following the Target breach in 2013, the Minneapolis-basedretailer faced a storm of lawsuits.

The $220 million Alabama State Employees Credit Union of Montgomery, Ala., wasthe first financial institution to sue the retailer. Othercooperatives, such as the $38 million First Choice Federal CreditUnion of New Castle, Penn., have also joined in litigation acrossthe country aimed at giant retailers such as Target and HomeDepot.

The courts have consolidated all the federal cases into twolawsuits, one involving financial institutions and the otherincluding consumers.

The financial institutions are seeking millions in damages torecover costs related to the breach, including issuing new creditand debit cards, according to court records.

In its motion seeking dismissal, Target said the affected creditunions and banks were sophisticated parties that lacked the closeties to the retailer necessary to support the legal claims.

Target also asked Magnuson to dismiss a related class-actionlawsuit filed by consumers, according to national media.

More than 40 million credit cards were compromised in the breachand more than 100 million people may have had personal information,such as email addresses and phone numbers, stolen as a result ofthe incident, according to national media reports.

Target said it does not comment on pending litigation.